Monday, 3 February 2014

MDM in SCCM 2012 R2 - Troubleshooting

As you will be aware ConfigMgr 2012 R2 provides very extensive logging to aid in troubleshooting. Log files are provided for every step of the MDM process. You just need to know where to look.

What is the problem?

You cannot enrol any device - you clearly have a global problem. Have you created the subscription and connector correctly?You cannot enrol iOS devices - verify your APN.You cannot enrol Windows 8 Phones - verify your code signing certificate and signed company app.

You cannot enrol any device with a specific user - verify the users UPN and that it has synchronized with Intune. Verify that the user has been discovered by ConfigMgr and that you have added them to the "Intune Users" collection. The process is as follows:1. Intune Subscription and Connector

Review the sitecomp.log file. Verify that the "CloudUserSync" site component has been created without error.2. Configure UPN and sync AD users with Intune

Browse to the
DirSync folder and launch miisclient.exe as Administrator

Note that DirSync synchronises with Azure every 3 hours by default. You
can run it manually using the procedure above as often as you require (eg. you have added a new user, changed a password or added a UPN).

Adding a user to the Intune Users collection allows that user to enrol mobile devices. When you add a user to the collection check in the console to verify that it was actually added. You may have to right click on the collection to "Update Membership".

If you do not want to wait for the scheduled syncronization with Intune you can force the sync by restarting the "CloudUserSync" site component.

Right click on any site component and choose to start the Configuration Manager Service Manager.

Right click on the SMS_CLOUD_USERSYNC component and select Query.

You will see that the component is running. Right click again and choose to stop itReverse the process to start it again.(Note that restarting the server has the same effect but that's a little extreme.)

Verify that your change was successful using the cloudusersync.log file.5. Enrol devices

Check the Dmpuploader.log to verify the connector site system role is able upload policy etc. to the Windows Intune Service.

Check the Dmpdownloader.log to verify that the connector is able to download messages from Windows Intune. Note: this log might only show a ping at the beginning, there might be no messages created for download initially.